Skip to Main content Skip to Navigation
Reports

Detecting Subverted Cryptographic Protocols by Entropy Checking

Julien Olivain 1 Jean Goubault-Larrecq 1
1 SECSI - Security of information systems
LSV - Laboratoire Spécification et Vérification [Cachan], ENS Cachan - École normale supérieure - Cachan, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8643
Abstract : What happens when your implementation of SSL or some other cryptographic protocol is subverted through a buffer overflow attack? You have been hacked, yes. Unfortunately, you may be unaware of it: because normal traffic is encrypted, most IDSs cannot monitor it. We propose a simple, yet efficient technique to detect most of such attacks, by computing the entropy of the flow and comparing it against known thresholds.
Document type :
Reports
Complete list of metadata

https://hal.inria.fr/hal-03200826
Contributor : Jean Goubault-Larrecq <>
Submitted on : Monday, April 19, 2021 - 10:53:48 AM
Last modification on : Saturday, May 1, 2021 - 3:39:33 AM

File

rr-lsv-2006-13.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03200826, version 1

Citation

Julien Olivain, Jean Goubault-Larrecq. Detecting Subverted Cryptographic Protocols by Entropy Checking. [Research Report] LSV-06-13, LSV, ENS Cachan. 2006. ⟨hal-03200826⟩

Share

Metrics

Record views

23

Files downloads

92